BEREC's updated "net neutrality" guidance
I know, it's like Christmas has come early.
This is not an exhaustive analysis, and just covers some of the bits which jumped out to me when I skimmed through.
Who should read this?
Private (non-publicly available) networks and services
BEREC has added a new example to its (short) list of networks and services which it is likely to regard as non-publicly available:
private M2M-networks, for example in factories and ports
It has also updated its general approach to note that:
Where the end-user contracts directly with the ISP specifically for the service, this is more likely to be considered a publicly available service. Enterprise services having a closed group of end-users, that are not available to the general public, would ordinarily not be considered to be publicly available.
Different speeds for different tariffs, and QoS
An updated paragraph 34 provides that:
With regard to characteristics of IAS, agreeing on tariffs for specific data volumes and speeds of the IAS would not represent a limitation of the exercise of the end-users’ rights (ref. Recital 7). Moreover, BEREC considers that end-users’ rights are likely to be unaffected, at least in the case that data volume and speed characteristics are applied in an application-agnostic way (refer to paragraph 34a). The same assumption applies to offering different speeds for different IAS subscriptions, including in the case of mobile IAS subscriptions.
The subsequent paragraphs — 34a to 34d — offer more granular guidance on QoS, and "application-agnostic" measures than existed before.
Paragraphs 42a to 42e build on the previous guidance on zero rating, in particular in terms of things that the relevant national regulatory authority will take into account when assessing the consistent of any particular offering with the Open Internet regulation.
If you are thinking of offering a "zero rated" service, or already have one in market, you'll want to read through this to check how it stacks up.
Filtering and blocking "beyond reasonable traffic management"
The updated guidance considers that, where an ISP provides a DNS facility (as most do), that DNS system is considered to be part of the Internet access service (paragraph 78a):
The default DNS resolvers provided by the ISP when providing the IAS26 are effectively part of the IAS, since these DNS resolvers are automatically installed when the connection is activated and without one the IAS would be practically unusable for the average end-user. Therefore, they are considered part of the IAS and the measures implemented by them must comply with Article 3(3).
I can see the logic in this, although I must admit I am sceptical that it it is the "correct" approach, legally.
It appears — at least on my initial reading of this revised guidance — that BEREC is expressly saying (for the first time) that an ISP is permitted to offer parental controls and other filtered DNS / network-level filtering, as long as this is in addition to DNS which either does not filter or only filters in line with legally-mandated blocks, and the user can choose which servers they use:
ISPs can also offer ... end point-based services (e.g. to provide parental control or filtering functions alongside the IAS) in the same way that they are offered by third party CAPs. Additional DNS resolvers and HTTP proxy servers addressed by the end-user computer are also examples of such end point-based services.